Skoči na glavni sadržaj

Izvorni znanstveni članak

https://doi.org/10.32985/ijeces.14.3.10

Effective Memory Diversification in Legacy Systems

Daehee Jang ; Sungshin Women’s University Department of Convergence Security Engineering 02844, Seoul, South Korea
Heesun Yun ; Sungshin Women’s University Department of Convergence Security Engineering 02844, Seoul, South Korea


Puni tekst: engleski pdf 3.580 Kb

str. 321-331

preuzimanja: 192

citiraj


Sažetak

Memory corruption error is one of the critical security attack vectors against a wide range of software. Addressing this problem, modern compilers provide multiple features to fortify the software against such errors. However, applying compiler-based memory defense is problematic in legacy systems we often encounter in industry or military environments because source codes are unavailable. In this study, we propose memory diversification techniques tailored for legacy binaries to which we cannot apply state-of- the-art compiler-based solutions. The basic idea of our approach is to automatically patch the machine code instructions of each legacy system differently (e.g., a drone, or a vehicle firmware) without altering any semantic behavior of the software logic. As a result of our system, attackers must create a specific attack payload for each target by analyzing the particular firmware, thus significantly increasing exploit development time and cost. Our approach is evaluated by applying it to a stack and heap of multiple binaries, including PX4 drone firmware and other Linux utilities.

Ključne riječi

Legacy System; Diversification; Memory Layout Randomization; UAV Firmware;

Hrčak ID:

296702

URI

https://hrcak.srce.hr/296702

Datum izdavanja:

28.3.2023.

Posjeta: 612 *